CVE-2025-9683 | O2OA up to 10.0-410 Personal Profile Page form cross site scripting (Issue 180)
A vulnerability was found in O2OA up to 10.0-410 and has been classified as problematic. It affects some unknown functionality of the file /x_cms_assemble_control/jaxrs/form of the component Personal Profile Page. The manipulation results in cross-site scripting.
This vulnerability is cataloged as CVE-2025-9683. The attack may be launched remotely. Furthermore, there is an exploit available.
The vendor replied in the GitHub issue (translated from simplified Chinese): “This issue will be fixed in the new version.”